US20220417223A1 - Managing Communication Of Sensitive Information - Google Patents


Info

Publication number: US20220417223A1
Authority: US (United States)
Prior art keywords: server; sensitive information; computer; user; user device
Legal status: Pending
Application number: US17/640,515
Inventors: Ranjiva Prasad, Maheswaran Virupatchan, Vishal Gangwani, Dean Kramer
Current assignee: Visa Europe Ltd; Visa International Service Association
Original assignee: Visa Europe Ltd; Visa International Service Association
Application filed by Visa Europe Ltd and Visa International Service Association.
Assigned to Visa International Service Association (assignment of assignors' interest; see document for details). Assignors: Gangwani, Vishal; Kramer, Dean; Prasad, Ranjiva; Virupatchan, Maheswaran.
Publication of US20220417223A1.


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0207 Discounts or incentives, e.g. coupons or rebates
    • G06Q30/0226 Incentive systems for frequent usage, e.g. frequent flyer miles programs or point systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/387 Payment using discounts or coupons

Definitions

  • The present application relates to managing communications of a networked system and, more specifically, to a server computer and a method for managing the transfer of sensitive information between multiple entities within such a system.
  • Typical transaction systems that are part of such payment networks allow a user to make a payment using a payment card or a computing device by obtaining information from the card or device and communicating details of the transaction and the obtained information to an entity within the system, such as a payment service provider, for further processing.
  • Certain transaction systems comprise a third party, with which the user has an account and with which communications regarding the transaction are exchanged in order to update a status of the user's account based on the details of the transaction.
  • A computer implemented method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information.
  • The first server and the second server communicate via a first communication channel, and the first server and the user device communicate via a second, different communication channel.
  • A server computer comprising: a processor; and a computer readable medium configured to store executable instructions, wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to: receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server; host a data entry page configured to receive second sensitive data associated with the user; receive, from the user device via a second, different communication channel, second sensitive information via the data entry page, wherein the second sensitive information is different to the first sensitive information; and associate the first sensitive information with the second sensitive information.
  • A system comprising a client computer, a first server and a second server, wherein the first server is configured to: interact with the second server and the client computer via respective data transfer channels; receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer; provide a data entry page accessible by the client computer; receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different to the first sensitive information; and link the first sensitive information with the second sensitive information; wherein the client computer is configured to: access the data entry page to allow the user to input the second sensitive information into the data entry page; and provide the second sensitive information to the first server via the respective data transfer channel; wherein the second server is configured to: identify the account of the user; retrieve the first sensitive information relating to the user using the identified account; and send the first sensitive information to the first server via the respective data transfer channel.
  • FIG. 1 is a schematic diagram of a transaction system, according to an example.
  • FIG. 2 is a schematic diagram of a first server computer, according to an example.
  • FIG. 3 is a schematic diagram of the transaction system of FIG. 1, according to an example.
  • FIG. 4 is a schematic diagram of the transaction system of FIG. 1, according to an example.
  • FIG. 5 is a schematic diagram of a user device, according to an example.
  • FIG. 6 is a schematic diagram of a transaction system, according to an example.
  • FIG. 7 is a schematic representation of a database stored by a first server computer, according to an example.
  • FIG. 1 shows a transaction system 100 to which embodiments described herein have particular applications.
  • The transaction system 100 comprises a first server computer 110, a second server computer 120 and a user device 130.
  • The first server computer 110 and the second server computer 120 communicate via a first communication channel 210.
  • The first server computer 110 and the user device 130 communicate via a second communication channel 220.
  • The first server computer 110 and the second server computer 120 may receive, process, and maintain information relating to a user of the user device 130 and any transactions carried out using the same.
  • The first and second communication channels 210, 220 may be communication channels across a network, such as the Internet or a private network.
  • The user device 130 may be a client computer associated with a user or a portable electronic device, such as a smartphone, a smartwatch, a wearable device, or a tablet computer.
  • The user device 130 may execute a software application, such as an electronic mobile wallet application storing payment data relating to the user, that enables the user to carry out transactions using the device.
  • FIG. 2 shows the first server computer 110 to which embodiments described herein have particular applications.
  • The first server computer 110 comprises a communication interface 111, a memory 112, and a processor 113.
  • The communication interface 111 receives and transmits communications via the first and second communication channels 210 and 220 (FIG. 1) to thereby interact with the second server computer 120 and the user device 130.
  • The communication interface 111 is coupled to the memory 112 and the processor 113 and forwards any received communications to the processor 113 via an internal bus (not shown).
  • The memory 112 is coupled to the processor 113 and stores computer readable instructions 114 that are executable by the processor 113 to cause the first server computer 110 to perform one or more processes.
  • The processor 113 may execute computer-readable instructions of one or more software applications.
  • A user associated with the user device 130 may have an account with the second server computer 120.
  • The second server computer 120 may provide a service to the user and maintain a record for the user, where the record contains sensitive information relating to the user.
  • The sensitive information may be a user's name, address, date of birth, account identifier, and historical transaction data.
  • A user associated with the user device 130 may have one or more other accounts with the first server computer 110.
  • The first server computer 110 may host services that are accessible by the user device 130 and maintain a record per service for the user, where the record contains sensitive information relating to the user.
  • The sensitive information may be payment information comprising payment card details (such as a primary account number (PAN), a card identifier, digits from a card number and a card security code), payment account details of the user (such as a bank name and an account number), and historical payment data for the user.
  • The system 100 may perform a data linking process for the user using the first and second communication channels 210, 220, described in more detail in relation to FIG. 3 below.
  • An association may be defined between different sensitive information of the user, originating from different sources, which can be utilized by other processes, described in more detail in relation to FIG. 6.
  • FIG. 3 shows the system 100 of FIG. 1 and a flow of communications exchanged between the component parts of the system 100 as part of a data linking process, according to an example.
  • The first server computer 110 receives a first message M1 containing first sensitive information from the second server computer 120.
  • The first sensitive information relates to a user who has an account with the second server computer 120.
  • The first server computer 110 receives a second message M2 containing second sensitive information from the user device 130.
  • The second sensitive information is received via a data entry page hosted by the first server computer 110 and is communicated to the first server computer 110.
  • The data entry page is configured to receive second sensitive data associated with the user.
  • The second sensitive information is different to the first sensitive information.
  • The first server computer 110 may validate the second sensitive information before the second sensitive information is associated with the first sensitive information.
  • Step S301 may be triggered by the user device 130 accessing a webpage hosted by the second server computer 120, for example, accessing a user account as a result of a user interacting with the user device 130 and navigating to their account using a web browser on the device 130.
  • Step S301 may alternatively be triggered without user involvement, for example, by the user device 130 connecting to a network associated with the second server computer 120, for example, a Wi-Fi network.
  • The first server computer 110 associates the first sensitive information with the second sensitive information within a database (FIG. 7) that the first server computer 110 maintains.
  • The association of the first and second sensitive information may be the storing of the first and second information with the same user identifier, the storing of both the first and second information within a single record maintained by the first server computer 110 and associated with the user, or the storing of the first and second sensitive information in separate records that include a pointer to one another.
  • Any future access request specifying a common user identifier, or identifying one of the first and second sensitive information, such as a read request to the or each record, could result in retrieval, or at least identification, of both the first and the second sensitive information.
  • The process described in relation to FIG. 3 may be repeated in order to link further sensitive information with the first sensitive information in a many-to-one relationship.
  • The use of different communication channels for sending the respective sensitive information enables the different sensitive information to be securely received at a single location, the first server computer 110, from different sources: in this example the second server computer 120 and the user device 130.
  • The first sensitive information is communicated directly to the first server computer 110 from the second server computer 120 and is not shared with the user device 130, and the second sensitive information is communicated directly to the first server computer 110 from the user device 130 and is not shared with the second server computer 120. Consequently, the number of separate communications containing sensitive information is reduced compared to a system that does not have two different and direct communication channels between a source of information and a target for the information. This increases the security and the efficiency of the system 100.
  • The association between the first and second sensitive information and the direct communication between the first and second server computers 110, 120 increase the efficiency of a process carried out by the second server computer 120 using the first sensitive information, because the process is automatically initiated by another process carried out by the first server computer 110 using the second sensitive information, and vice versa.
  • The association means there is no need to provide the first or second sensitive information to the first server computer 110 in order to initiate any subsequent processes using the respective information, because the first server already stores the association and the first and second sensitive information.
  • The direct communication 210 between the second server computer 120 and the first server computer 110 has the effect that the user device 130 is not involved in generating the first sensitive information or providing the first sensitive information to the first server computer 110.
  • The user device is not involved with the first sensitive information, which: (i) eliminates the risk of erroneous input of the information at the user device 130 (and so increases the reliability of the information); and (ii) avoids storing the first sensitive information on the user device 130, where, for example, a browser operating on the user device 130 may store such sensitive information within a browser history or web log, which are considered to be unsecure.
  • The number of communications containing the first sensitive information is reduced, thus reducing the risk of interception of the first sensitive information.
  • FIG. 4 shows the system 100 of FIG. 1 and a flow of communications between the component parts of the system 100, according to an example.
  • FIG. 4 provides further detail to the example of FIG. 3.
  • The first server computer 110 receives a first message M11 comprising first sensitive information from the second server computer 120, where the first sensitive information relates to a user having an account with the second server computer 120.
  • The second server computer 120 maintains a database comprising information relating to a plurality of users. Each of the users may have an account, such as an online account, with the second server computer 120, whereby the user has previously provided particular information to the second server computer 120 and is provided with a service, where the provided information is stored within a record of the database corresponding to their account.
  • The second server computer 120 may store information relating to each user in corresponding record(s) of the database to facilitate access to an account of a user to obtain first sensitive information.
  • The second server computer 120 may search its database using an identifier associated with a user in order to locate corresponding account information.
  • The user device 130 may provide the identifier to the second server computer 120.
  • The message M11 also contains a re-direct URL, generated by the second server computer 120, to be forwarded to the user device at a later point in time (step S406).
  • The first server computer 110 generates and transmits a second message M12 comprising a session identifier to the second server computer 120.
  • The second message M12 may be embedded within a first token.
  • The first token may be used as a replacement or substitute for the session identifier.
  • The second server computer 120 generates a third message M13 that forwards the session identifier and a URL for a data entry page associated with the session identifier to the user device 130.
  • The URL is generated by the second server computer 120 and is specific to the user of the user device 130 to allow the second server computer 120 to identify which user is the subject of any communication sent to the URL.
  • The second server computer 120 may use the first token to provide the session identifier to the user device 130.
  • The session identifier may be embedded within or appended to the first token.
  • The URL and the session identifier enable the user device to access the corresponding data entry page hosted by the first server computer 110 and to provide second sensitive information to the first server computer 110 via the data entry page.
  • The first server computer 110 may serve a web data entry page, for example, to a browser on the user device 130, included in a fourth message M14.
  • The data entry page is opened as an iFrame within the browser.
  • The first server computer 110 transmits a second token with the data entry page, where the first and second tokens are different. The second token may be used to submit data into the data entry page.
  • The first and second tokens provide another way of verifying the integrity of received data and thus enable an intercepted communication to be more easily identified if the token has been modified.
  • The first and second tokens may be JSON web tokens (JWT) that are one-time use tokens and locked to a particular resource, which, in the example of FIG. 4, is the session identifier for the first token and the submitted data for the second token.
  • A JWT may be present in the header of an HTTPS request between the respective entities of the system 100 and used to verify the source of the data or message that the JWT accompanies.
  • The JWT is generated using an asymmetric algorithm, such as the RSA 256 algorithm.
  • The first server computer 110 receives a fifth message M15 that comprises the second token comprising the session identifier, and the second sensitive information, from the user device 130 via the data entry page.
  • The session identifier provides a way for the user device 130 to identify to the first server computer 110 that the second sensitive information is sent by the user device 130.
  • The first server computer 110 validates the second sensitive information by, in some examples, forwarding the second sensitive information to an account validating entity.
  • The first server computer 110 associates the second sensitive information with the first sensitive information.
  • The first server computer 110 provides the re-direct URL to the user device 130 in a seventh message M17.
  • The re-direct URL causes the browser of the user device 130 to automatically access a webpage associated with the second server computer 120 and identified by the re-direct URL.
  • The process described in relation to FIG. 4 may be repeated with other server computers in direct communication with the first server computer 110 so that the first server computer 110 links other sensitive information received from the respective other servers with the second sensitive information.
  • The second sensitive information may be linked with information provided by multiple sources and thus be in a many-to-one relationship. Consequently, an access request for the second sensitive information submitted to a database of the first server computer 110 could return some or all sensitive information previously associated with the second sensitive information by the first server computer 110.
  • FIG. 5 shows the user device 130.
  • The user device 130 may be running a web browser 132 that accesses a webpage hosted by the second server computer 120 to initiate a data linking process at step S401 of FIG. 4.
  • The web browser 132 may also access a data entry page 134 hosted by the first server computer 110 at step S404 of FIG. 4.
  • The web browser 132 accesses the data entry page 134 by providing a session identifier to the first server computer 110, where the session identifier was received from the first server computer 110 via the second server computer 120 at step S403 of FIG. 4.
  • The web browser 132 may subsequently access a web page associated with the re-direct URL provided to the user device 130 at step S406 of FIG. 4.
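The FIG. 3 to FIG. 5 linking exchange, as an added example in Python that is not the patent's code: server 110 issues the first token carrying the session identifier, server 120 relays it to the browser over the other channel, and the browser's submission is accepted only with the second, single-use token issued for that session, so a replayed, altered or wrong-purpose token is refused. Assumptions: the tokens are JWT-shaped but signed with HS256 from the standard library in place of the RSA 256 the text names; the entity classes, message dicts, user and loyalty identifiers and URLs are constructed; binding the second token to the session and recording its single use stands in for "locked to the submitted data".

```python
import base64, hashlib, hmac, json, secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(key: bytes, claims: dict) -> str:
    """JWT-shaped token: base64url(header).base64url(payload).base64url(signature).
    HS256 from the stdlib stands in for the RSA 256 named in the text (assumption)."""
    header = b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_token(key: bytes, token: str) -> dict:
    """Signature check: a token modified in transit fails here before any claim is trusted."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("token signature invalid")
    return json.loads(b64url_decode(payload))


class FirstServer:
    """Server 110: receives M11 over channel 210, issues both tokens, hosts the data
    entry page on channel 220, validates and links the data (FIG. 4, steps S401-S406)."""

    def __init__(self, key: bytes):
        self.key = key
        self.sessions = {}     # session id -> first sensitive info and re-direct URL
        self.used_jti = set()  # consumed token ids: each token is accepted exactly once
        self.database = []     # linked records, shaped like FIG. 7

    def _issue(self, purpose: str, sid: str) -> str:
        # Each token is locked to one purpose and one session identifier.
        return make_token(self.key, {"jti": secrets.token_hex(8), "purpose": purpose,
                                     "sid": sid, "bind": hashlib.sha256(sid.encode()).hexdigest()})

    def _consume(self, token: str, purpose: str, sid: str) -> None:
        claims = verify_token(self.key, token)
        if claims["purpose"] != purpose or claims["bind"] != hashlib.sha256(sid.encode()).hexdigest():
            raise ValueError("token not issued for this purpose and session")
        if claims["jti"] in self.used_jti:
            raise ValueError("token already used")  # replay of a captured token is rejected
        self.used_jti.add(claims["jti"])

    def receive_m11(self, first_sensitive: dict, redirect_url: str) -> str:
        """S401: store the first sensitive info; S402: return M12, the first token."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"first": first_sensitive, "redirect": redirect_url}
        return self._issue("session", sid)

    def serve_page(self, first_token: str, sid: str) -> dict:
        """S404: the browser opens the data entry page with the session id; M14 carries the second token."""
        self._consume(first_token, "session", sid)
        return {"page": "data-entry-iframe", "token": self._issue("submit", sid)}

    def receive_m15(self, second_token: str, sid: str, second_sensitive: dict) -> str:
        """S405: validate and associate; S406: return the re-direct URL as M17."""
        self._consume(second_token, "submit", sid)
        if not second_sensitive.get("payment_card_id", "").isdigit():
            raise ValueError("validation failed")  # stand-in for the account validating entity
        session = self.sessions.pop(sid)
        self.database.append({"record_id": len(self.database) + 1,
                              "loyalty_card_id": session["first"]["loyalty_card_id"],
                              "payment_card_id": second_sensitive["payment_card_id"]})
        return session["redirect"]


class SecondServer:
    """Server 120 (loyalty scheme): sends the loyalty id directly to server 110 and relays
    the session to the browser (M13); it never sees the payment card details."""

    def __init__(self, first_server: FirstServer, loyalty_ids: dict):
        self.first_server, self.loyalty_ids = first_server, loyalty_ids  # user id -> loyalty card id

    def start_linking(self, user_id: str) -> dict:
        redirect = f"https://loyalty.example/linked?user={user_id}"  # constructed URL
        token = self.first_server.receive_m11({"loyalty_card_id": self.loyalty_ids[user_id]}, redirect)
        sid = json.loads(b64url_decode(token.split(".")[1]))["sid"]  # payload read only, not verified
        return {"sid": sid, "token": token, "url": f"https://pay.example/entry?u={user_id}"}


def user_device_flow(first_server: FirstServer, m13: dict, payment_card_id: str) -> dict:
    """Browser side: open the page (M14), submit the card details (M15), receive M17."""
    m14 = first_server.serve_page(m13["token"], m13["sid"])
    redirect = first_server.receive_m15(m14["token"], m13["sid"], {"payment_card_id": payment_card_id})
    return {"redirect": redirect, "second_token": m14["token"], "sid": m13["sid"]}

def run_linking(payment_card_id: str = "3003") -> dict:
    """End-to-end run with constructed values: user-7 holds loyalty card 67832."""
    first = FirstServer(secrets.token_bytes(32))
    m13 = SecondServer(first, {"user-7": "67832"}).start_linking("user-7")
    result = user_device_flow(first, m13, payment_card_id)
    result["first_server"], result["first_token"] = first, m13["token"]
    return result
```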
  • The linked or associated sensitive information maintained by the first server computer 110 may be an association between different sources, such as an electronic wallet application executing on a user device and a loyalty scheme account of a loyalty scheme provider, and may be used to process transactions involving the user device.
  • FIG. 6 shows the system 100 of FIG. 1 and a flow of communications transferred between the component parts of the system 100 as part of a process of using linked data, according to an example.
  • The system 100 is communicatively coupled to a merchant point-of-sale (POS) device 150.
  • The POS device 150 is associated with a merchant that provides goods and/or services, or access thereto, to a user based on a transaction.
  • The user device 130 provides sensitive information to the POS device 150.
  • The sensitive information comprises payment card details or details of a payment account.
  • The POS device 150 communicates the sensitive information and corresponding transaction data to the first server computer 110.
  • The corresponding transaction data comprises a transaction amount.
  • The POS device 150 is in communication with another computing entity that processes the payment and/or transaction data before forwarding it on to the first server computer 110.
  • The first server computer 110 maintains a database 700 (FIG. 7) containing sensitive information for a plurality of users that each have an account with the first server computer 110.
  • The database 700 has five columns: Record ID; Surname; Loyalty card ID; Payment card ID; and Account number, and maintains a plurality of records 730, each corresponding to a respective user.
  • The Loyalty card ID column contains the first sensitive information 710 previously provided to the first server computer 110 by the second server computer 120 as part of a data linking process (described in relation to FIGS. 1-5).
  • The Payment card ID and Account number columns contain the second sensitive information 720 previously provided to the first server computer 110 by the user device 130 as part of the data linking process (described in relation to FIGS. 1-5).
  • Based on the sensitive information received at step S601, such as payment card details or details of a payment account, the first server computer 110 identifies a record of the plurality of records in the database 700 associated with the user device 130.
  • In the example, the sensitive information comprises a payment card identifier “3003”. Accordingly, the identifier “3003” is used as the basis for a search within the database 700. A search based on “3003” would identify the record with record ID “3” in the database 700.
  • The first server computer 110 proceeds to retrieve, from the identified record “3”, other sensitive information, such as the loyalty card ID number “67832”, that was previously associated with the received sensitive information “3003” in a data linking process, where at least some of the other sensitive information was previously provided by the second server computer 120 in accordance with steps S301 and S401 described above.
  • The first server computer 110 communicates the transaction data and at least some of the sensitive information, including at least the loyalty card ID “67832” within the identified record “3”, to the second server computer 120 with which the user of the user device 130 has an account.
  • The second server computer 120 identifies the user's account using the loyalty card ID “67832” and updates the user's account based on the transaction data.
  • The second server computer 120 sends a communication to the user device 130 notifying the user that their account with the second server computer 120 has been updated based on the transaction.
  • The first server computer 110 may be queried, for example by the second server computer 120, to retrieve details of the association between an account maintained by the second server computer 120 and one or more accounts maintained by the first server computer 110.
  • The system 100 described in relation to FIGS. 1-7 may have particular application in a transaction system where the first server computer 110 is a payment processing server and the second server computer 120 is a loyalty scheme server.
  • The payment processing server 110 may comprise a transaction service provider and/or an issuer server, or be in communication therewith, to process transaction and payment data to enable a transaction between a user and a merchant to be authorized and completed.
  • The loyalty scheme server 120 maintains loyalty accounts for a plurality of users and updates the status of each account based on and in response to transactions that the respective users carry out at merchant locations, for example, at a merchant's POS device, which may be in a store or implemented as software on the merchant's website. As such, the loyalty scheme server 120 and the payment processing server 110 have a shared interest in user transactions.
  • The payment processing server 110 receives sensitive information relating to a user from the loyalty scheme server 120 (for example, a loyalty scheme identifier) and from the user device 130 (for example, payment card details) and defines an association between the two, and thus between a user's loyalty account, for which the user may have a physical or an electronic loyalty account card, and a user's payment account, for which the user may have a physical or an electronic payment card. Accordingly, the association between the user's loyalty account and the user's payment account would be understood to be an association between the user's loyalty account card and the user's payment account card.
  • A user may link multiple payment cards to a single loyalty account card by repeating the methods described in relation to FIGS. 3 and 4.
  • In that case, the database would contain a single “Loyalty card ID” column and multiple “Payment card ID” columns, such as “1st Payment card ID”, “2nd Payment card ID”, etc.
  • Transaction data may be monitored and passed directly from the payment processing server 110 to the loyalty scheme server 120 so that a user account maintained by the loyalty scheme server 120 can be updated, without requiring user intervention or further communications with the user device 130, when the payment processing server 110 is processing a transaction.
  • The user is not required to separately interact with the merchant's POS device 150 using their loyalty account card and their payment account card. Rather, a single interaction between the POS device 150 and the user's payment account card facilitates the updating of the user's loyalty account, which simplifies the transaction system 100 and interactions thereof, as described above.
  • The transaction data may be sent to the loyalty scheme server 120 with the sensitive information (for example, the loyalty account identifier or a corresponding loyalty card number) previously received from the loyalty scheme server 120 to enable the loyalty scheme server 120 to identify the relevant user account.
  • The transaction data may include one or more of the following: a unique payment account or card identifier; an authentication code; a transaction identifier; a transaction amount; a transaction currency; a transaction date and time; a merchant descriptor name; and a merchant identifier.
  • The loyalty scheme server 120 analyses the transaction data to determine any updates to be made to a corresponding user account. This analysis may comprise comparing the transaction data to data relating to the merchant, either stored by the loyalty scheme server 120 or provided by the merchant's POS device 150, to determine the eligibility of the transaction data for being the basis on which an update to a user's loyalty account is made.
  • the loyalty scheme provider may update a user account by incrementing a counter value based on received transaction data. For instance, a number of points may be awarded to a user's loyalty account based on a monetary value of a transaction.
  • the transaction system 100 enables the loyalty scheme server 120 to receive details on transactions from the payment processing server 110 without needing to become PCI compliant.
  • the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice.
  • the program may be in the form of non-transitory source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other non-transitory form suitable for use in the implementation of processes according to the invention.
  • the carrier may be any entity or device capable of carrying the program.
  • the carrier may comprise a storage medium, such as a solid-state drive (SSD) or other semiconductor-based RAM; a ROM, for example a CD ROM or a semiconductor ROM; a magnetic recording medium, for example a floppy disk or hard disk; optical memory devices in general; etc.

Abstract

Disclosed herein is a computer-implemented method of managing sensitive information and the communication thereof. The method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information. The first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.

Description

  • BACKGROUND
  • Field
  • The present application relates to managing communications of a networked system and, more specifically, to a server computer and a method for managing the transfer of sensitive information between multiple entities within such a system.
  • Description of the Related Technology
  • As technologies advance, the number of cashless transactions being carried out is ever increasing, which results in an increasing amount of data associated with such transactions being transferred across payment networks, often including several different entities. Typical transaction systems, that are part of such payment networks, allow a user to make a payment using a payment card or a computing device by obtaining information from the card or device and communicating details of the transaction and the obtained information to an entity within the system, such as a payment service provider, for further processing.
  • Certain transaction systems comprise a third party, with which the user has an account and to which communications regarding the transaction are exchanged in order to update a status of the user's account based on the details of the transaction.
  • It would be advantageous to improve a transaction system that exchanges a plurality of communications relating to a transaction. In addition, it would be advantageous to increase the security of the communications sent to third parties within a transaction system.
  • SUMMARY
  • According to a first aspect of the present disclosure there is provided a computer implemented method. The method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information. The first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
  • According to a second aspect of the present disclosure there is provided a server computer comprising: a processor; and a computer readable medium configured to store executable instructions, wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to: receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server; receive, from the user device, second sensitive data associated with the user, wherein the second sensitive information is different to the first sensitive information; receive, from the user device via a second, different communication channel, second sensitive information via the data entry page; and associate the first sensitive information with the second sensitive information.
  • According to a third aspect of the present disclosure there is provided a system comprising a client computer, a first server and a second server, wherein the first server is configured to: interact with the second server and the client computer via respective data transfer channels; receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer; provide a data entry page accessible by the client computer; receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different to the first sensitive information; and link the first sensitive information with the second sensitive information; wherein the client computer is configured to: access the data entry page to allow the user to input the second sensitive information into the data entry page; and provide the second sensitive information to the first server via the respective data transfer channel; wherein the second server is configured to: identify the account of the user; retrieve the first sensitive information relating to the user using the identified account; and send the first sensitive information to the first server via the respective data transfer channel.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Various features of the present disclosure will be apparent from the detailed description which follows, taken in conjunction with the accompanying drawings, which together illustrate features of the present disclosure, and wherein:
  • FIG. 1 is a schematic diagram of a transaction system, according to an example.
  • FIG. 2 is a schematic diagram of a first server computer, according to an example.
  • FIG. 3 is a schematic diagram of the transaction system of FIG. 1 , according to an example.
  • FIG. 4 is a schematic diagram of the transaction system of FIG. 1 , according to an example.
  • FIG. 5 is a schematic diagram of a user device, according to an example.
  • FIG. 6 is a schematic diagram of a transaction system, according to an example.
  • FIG. 7 is a schematic representation of a database stored by a first server computer, according to an example.
  • DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS
  • FIG. 1 shows a transaction system 100 to which embodiments described herein have particular applications.
  • The transaction system 100 comprises a first server computer 110, a second server computer 120 and a user device 130. The first server computer 110 and the second server computer 120 communicate via a first communication channel 210. The first server computer 110 and the user device 130 communicate via a second communication channel 220. In one example, the first server computer 110 and the second server computer 120 may receive, process, and maintain information relating to a user of the user device 130 and any transactions carried out using the same. The first and second communication channels 210, 220 may be communication channels across a network, such as the Internet or a private network.
  • The user device 130 may be a client computer associated with a user, a portable electronic device, such as a smartphone, a smartwatch, a wearable device, or a tablet computer. The user device 130 may execute a software application, such as an electronic mobile wallet application storing payment data relating to the user that enables the user to carry out transactions using the device.
  • FIG. 2 shows the first server computer 110 to which embodiments described herein have particular applications. The first server computer 110 comprises a communication interface 111, a memory 112, and a processor 113. The communication interface 111 receives and transmits communications via the first and second communication channels 210 and 220 (FIG. 1 ) to thereby interact with the second server computer 120 and the user device 130. The communication interface 111 is coupled to the memory 112 and the processor 113 and forwards any received communications to the processor 113 via an internal bus (not shown). The memory 112 is coupled to the processor 113 and stores computer readable instructions 114 that are executable by the processor 113 to cause the first server computer 110 to perform one or more processes. As an example, the processor 113 may execute computer-readable instructions of one or more software applications.
  • Linking Data
  • In one example, a user associated with the user device 130 may have an account with the second server computer 120. For example, the second server computer 120 may provide a service to the user and maintain a record for the user, where the record contains sensitive information relating to the user. In one example, the sensitive information may be a user's name, address, date of birth, account identifier, and historical transaction data. In addition, a user associated with the user device 130 may have one or more other accounts with the first server computer 110. For instance, the first server computer 110 may host services that are accessible by the user device 130 and maintain a record per service for the user, where the record contains sensitive information relating to the user. In one example, the sensitive information may be payment information comprising payment card details (such as, a primary account number (PAN), a card identifier, digits from a card number and a card security code), payment account details of the user (such as, a bank name and an account number), and historical payment data for the user.
  • In one example, the system 100 may perform a data linking process for the user using the first and second communication channels 210, 220, described in more detail in relation to FIG. 3 below. As a result of such a data linking process, an association may be defined between different sensitive information of the user, originating from different sources, which can be utilized by other processes, described in more detail in relation to FIG. 6 .
  • FIG. 3 shows the system 100 of FIG. 1 and a flow of communications exchanged between the component parts of the system 100 as part of a data linking process, according to an example.
  • At step S301, the first server computer 110 receives a first message M1 containing first sensitive information from the second server computer 120. The first sensitive information relates to a user who has an account with the second server computer 120.
  • At step S302, the first server computer 110 receives a second message M2 containing second sensitive information from the user device 130. The second sensitive information is received via a data entry page hosted by the first server computer 110 and is communicated to the first server computer 110. The data entry page is configured to receive second sensitive data associated with the user. The second sensitive information is different to the first sensitive information. In one example, after receiving the second sensitive information, the first server computer 110 may validate the second sensitive information before the second sensitive information is associated with the first sensitive information.
  • In some examples, step S301 may be triggered by the user device 130 accessing a webpage hosted by the second server computer 120, for example, accessing a user account as a result of a user interacting with the user device 130 and navigating to their account using a web browser on the device 130. In some instances, step S301 may be triggered without user involvement, for example, by the user device 130 connecting to a network associated with the second server computer 120, such as a Wi-Fi network.
  • After step S302, the first server computer 110 associates the first sensitive information with the second sensitive information within a database (FIG. 7 ) that the first server computer 110 maintains. For example, the association of the first and second sensitive information may be the storing of the first and second information with the same user identifier, the storing of both the first and second information within a single record maintained by the first server computer 110 and associated with the user, or the storing of the first and second sensitive information in separate records that include a pointer to one another. In each example, any future access request specifying a common user identifier, or identifying one of the first and second sensitive information, such as a read request, to the or each record could result in retrieval, or at least identification, of both the first and the second sensitive information.
  • In one example, the process described in relation to FIG. 3 may be repeated in order to link further sensitive information with the first sensitive information in a many-to-one relationship.
  • The use of different communication channels for sending the respective sensitive information enables the different sensitive information to be securely received at a single location, the first server computer 110, from different sources: in this example the second server computer 120 and the user device 130. This is in particular because (i) the first sensitive information is communicated directly to the first server computer 110 from the second server computer 120 and is not shared with the user device 130 and (ii) the second sensitive information is communicated directly to the first server computer 110 from the user device 130 and is not shared with the second server computer 120. Consequently, the number of separate communications containing sensitive information is reduced compared to a system that does not have two different and direct communication channels between a source of information and a target for the information. This increases the security and the efficiency of the system 100.
  • In addition, the amount of sensitive information per communication is reduced, which increases security because if any one communication is intercepted by an unauthorized third party only a single piece of sensitive information will be compromised.
  • Moreover, the association between the first and second sensitive information and the direct communication between the first and second server computer 110, 120 increases the efficiency of a process carried out by the second server computer 120 using the first sensitive information because the process is automatically initiated by another process carried out by the first server computer 110 using the second sensitive information, and vice versa. In addition, the association means there is no need to provide the first or second sensitive information to the first server computer 110 in order to initiate any subsequent processes using the respective information because the first server already stores the association and the first and second sensitive information.
  • Furthermore, the direct communication 210 between the second server computer 120 and the first server computer 110 has the effect that the user device 130 is not involved in generating the first sensitive information or providing the first sensitive information to the first server computer 110. In this way, the user device is not involved with the first sensitive information, which: (i) eliminates the risk of erroneous input of the information at the user device 130 (so increases the reliability of the information); and (ii) avoids storing the first sensitive information on the user device 130, where, for example, a browser operating on the user device 130 may store such sensitive information within a browser history or web log, which are considered to be insecure. In addition, the number of communications containing the first sensitive information is reduced, thus reducing the risk of interception of the first sensitive information.
  • FIG. 4 shows the system 100 of FIG. 1 and a flow of communications between the component parts of the system 100, according to an example. FIG. 4 provides further detail to the example of FIG. 3 .
  • As for step S301, at step S401 the first server computer 110 receives a first message M11 comprising first sensitive information from the second server computer 120, where the first sensitive information relates to a user having an account with the second server computer 120. In one example, the second server computer 120 maintains a database comprising information relating to a plurality of users. Each of the users may have an account, such as an online account, with the second server computer 120, whereby the user has previously provided particular information to the second server computer 120 and is provided with a service, where the provided information is stored within a record of the database corresponding to their account. The second server computer 120 may store information relating to each user in corresponding record(s) of the database to facilitate access to an account of a user to obtain first sensitive information. In one example, the second server computer 120 may search its database using an identifier associated with a user in order to locate corresponding account information. The user device 130 may provide the identifier to the second server computer 120. In some examples, the message M11 also contains a re-direct URL, generated by the second server computer 120, and to be forwarded to the user device at a later point in time (step S406).
  • At step S402, the first server computer 110 generates and transmits a second message M12 comprising a session identifier to the second server computer 120. In some examples, the second message M12 may be embedded within a first token. The first token may be used as a replacement or substitute for the session identifier.
  • At step S403, the second server computer 120 generates a third message M13 that forwards the session identifier and a URL for a data entry page associated with the session identifier to the user device 130. The URL is generated by the second server computer 120 and is specific to the user of the user device 130 to allow the second server computer 120 to identify which user is the subject of any communication sent to the URL. The second server computer 120 may use the first token to provide the session identifier to the user device 130. For example, the session identifier may be embedded within or appended to the first token. The URL and the session identifier enable the user device to access the corresponding data entry page hosted by the first server computer 110 and to provide second sensitive information to the first server computer 110 via the data entry page.
  • At step S404, in response to receiving a request using the URL and the session identifier from the user device 130, the first server computer 110 may serve e.g. a web data entry page to a browser on the user device 130, included in a fourth message M14. In some examples, the data entry page is opened as an iFrame within the browser. In some examples, the first server computer 110 transmits a second token with the data entry page, where the first and second tokens are different. The second token may be used to submit data into the data entry page.
  • The use of first and second tokens provides another way of verifying the integrity of received data and thus enables an intercepted communication to be more easily identified if the token has been modified. In one example, the first and second tokens may be JSON web tokens (JWT) that are one-time use tokens and locked to a particular resource, which, in the example of FIG. 4 , is the session identifier for the first token and is the submitted data for the second token. The JWT may be present in the header of an HTTPS request between the respective entities of the system 100 and used to verify the source of the data or message that the JWT accompanies. In one example the JWT is generated using an asymmetric algorithm, such as the RSA256 algorithm.
  • At step S405, the first server computer 110 receives a fifth message M15 that comprises the second token comprising the session identifier and the second sensitive information from the user device 130 via the data entry page. The session identifier provides a way for the user device 130 to identify to the first server computer 110 that the second sensitive information is sent by the user device 130. The first server computer 110 validates the second sensitive information, by, in some examples, forwarding the second sensitive information to an account validating entity.
  • After the second information is validated the first server computer 110 associates the second sensitive information with the first sensitive information.
  • At step S406, the first server computer 110 provides the re-direct URL to the user device 130 in a seventh message M17. The re-direct URL causes the browser of the user device 130 to automatically access a webpage associated with the second server computer 120 and identified by the re-direct URL.
  • In one example, the process described in relation to FIG. 4 may be repeated with other server computers in direct communication with the first server computer 110 so that the first server computer 110 links other sensitive information received from the respective other servers with the second sensitive information. As such, the second sensitive information may be linked with information provided by multiple sources and thus be in a many-to-one relationship. Consequently, an access request for the second sensitive information submitted to a database of the first server computer 110 could return some or all sensitive information previously associated with the second sensitive information by the first server computer 110.
  • FIG. 5 shows the user device 130. The user device 130 may be running a web browser 132 that accesses a webpage hosted by the second server computer 120 to initiate a data linking process at step S401 of FIG. 4 . The web browser 132 may also access a data entry page 134 hosted by the first server computer 110 at step S404 of FIG. 4 . The web browser 132 accesses the data entry page 134 by providing a session identifier to the first server computer 110, where the session identifier was received from the first server computer 110 via the second server computer 120 at step S403 of FIG. 4 . The web browser 132 may subsequently access a web page associated with the re-direct URL provided to the user device 130 at step S406 of FIG. 4 .
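The message flow of steps S401 to S406 as an added, runnable Python example; this is not code from the patent or its assignees. The three parties are in-memory objects, the first and second tokens are one-time JWT-shaped tokens each locked to a session identifier and a purpose, and at the end of the flow only the first server holds both the loyalty card ID and the payment card ID. Assumptions made here: the tokens are signed with HMAC-SHA256 from the standard library rather than the asymmetric algorithm the text names, the second token is locked to the session rather than to the submitted data, a digit check stands in for the account validating entity, and all hostnames, account names and class or function names are constructed.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

def _b64(raw):
    return urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenIssuer:
    """One-time JWT-shaped tokens (HMAC-SHA256 here, not the RSA algorithm the text names)."""
    def __init__(self, key):
        self.key = key
        self.used = set()                     # jti values already consumed

    def issue(self, claims):
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64(json.dumps(dict(claims, jti=secrets.token_hex(8)), sort_keys=True).encode())
        sig = hmac.new(self.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return f"{header}.{payload}.{_b64(sig)}"

    def consume(self, token, **locked_to):
        # Reject modified, replayed or wrongly-bound tokens, then mark the jti as used.
        header, payload, sig = token.split(".")
        expect = hmac.new(self.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expect, _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(payload))
        if claims["jti"] in self.used:
            raise ValueError("token replayed")
        for key, value in locked_to.items():
            if claims.get(key) != value:
                raise ValueError(f"token not locked to {key}")
        self.used.add(claims["jti"])
        return claims

class FirstServer:
    """Payment processing server 110: the only party that sees both pieces of data."""
    def __init__(self):
        self.tokens = TokenIssuer(secrets.token_bytes(32))
        self.sessions = {}                    # session id -> first info + re-direct URL
        self.links = []                       # (first sensitive, second sensitive) pairs

    def receive_m11(self, first_sensitive, redirect_url):
        """S401/S402: file M11 under a new session; answer with the first token (M12)."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"first": first_sensitive, "redirect": redirect_url}
        return self.tokens.issue({"sid": sid, "purpose": "session"})

    def serve_m14(self, first_token):
        """S404: the device presents the first token; the page is returned with the second token."""
        sid = self.tokens.consume(first_token, purpose="session")["sid"]
        if sid not in self.sessions:
            raise KeyError("unknown session")
        return "<form>data entry page</form>", self.tokens.issue({"sid": sid, "purpose": "submit"})

    def receive_m15(self, second_token, second_sensitive):
        """S405/S406: check the second token, validate, associate, return the re-direct URL (M17)."""
        session = self.sessions.pop(self.tokens.consume(second_token, purpose="submit")["sid"])
        if not second_sensitive.isdigit():    # stand-in for the account validating entity
            raise ValueError("second sensitive information rejected")
        self.links.append((session["first"], second_sensitive))
        return session["redirect"]

class SecondServer:
    """Loyalty scheme server 120: holds the loyalty card ID, never sees the card details."""
    def __init__(self, first_server):
        self.first_server = first_server
        self.accounts = {"alice": "67832"}    # constructed username -> loyalty card ID

    def start_linking(self, username):
        """S401-S403: M11 over channel 210, then M13 (data-entry URL + first token) to the device."""
        token = self.first_server.receive_m11(
            self.accounts[username], f"https://loyalty.example/linked?user={username}")
        return "https://payments.example/link", token

def user_device_flow(second_server, first_server, username, card_id):
    """Browser 132: receives M13, fetches M14, submits M15, follows the M17 re-direct."""
    _url, first_token = second_server.start_linking(username)
    _page, second_token = first_server.serve_m14(first_token)
    return first_server.receive_m15(second_token, card_id)

def run_linking_demo():
    """Link loyalty card 67832 (from server 120) with payment card 3003 (from the device)."""
    first = FirstServer()
    redirect = user_device_flow(SecondServer(first), first, "alice", "3003")
    return first.links, redirect

def replay_is_rejected():
    """Presenting the same first token twice must fail: the tokens are one-time use."""
    first = FirstServer()
    _url, token = SecondServer(first).start_linking("alice")
    first.serve_m14(token)
    try:
        first.serve_m14(token)
    except ValueError:
        return True
    return False
```

`run_linking_demo()` returns the association `[('67832', '3003')]` together with the re-direct URL, and `replay_is_rejected()` shows that a token presented twice is refused, which is the property that makes a replayed or modified message detectable. Note that `SecondServer` never receives the card identifier and the device function never receives the loyalty card ID, matching properties (i) and (ii) above.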
  • Use Cases - Linked Data
  • In some examples, the linked or associated sensitive information maintained by the first server computer 110 may be an association between different sources, such as an electronic wallet application executing on a user device and a loyalty scheme account of a loyalty scheme provider, and used to process transactions involving the user device.
  • FIG. 6 shows the system 100 of FIG. 1 and a flow of communications transferred between the component parts of the system 100 as part of a process of using linked data, according to an example.
  • In this example, the system 100 is communicatively coupled to a merchant point-of-sale (POS) device 150. The POS device 150 is associated with a merchant that provides goods and/or services, or access thereto, to a user based on a transaction.
  • To initiate such a transaction, at step S601, the user device 130, such as a mobile phone executing an electronic wallet application, provides sensitive information to the POS device 150. In one example, the sensitive information comprises payment card details or details of a payment account. At step S602, the POS device 150 communicates the sensitive information and corresponding transaction data to the first server computer 110. In one example, the corresponding transaction data comprises a transaction amount. In one example, the POS device 150 is in communication with another computing entity that processes the payment and/or transaction data before forwarding it on to the first server computer 110.
  • The first server computer 110 maintains a database 700 (FIG. 7 ) containing sensitive information for a plurality of users that each have an account with the first server computer 110.
  • In the example of FIG. 7 , the database 700 has five columns: Record ID; Surname; Loyalty card ID, Payment card ID; and Account number, and maintains a plurality of records 730, each corresponding to a respective user. The loyalty card ID column contains the first sensitive information 710 previously provided to the first server computer 110 by the second server computer 120 as part of a data linking process (described in relation to FIGS. 1-5 ). The Payment card ID and the Account number columns contain the second sensitive information 720 previously provided to the first server computer 110 by the user device 130 as part of the data linking process (described in relation to FIGS. 1-5 ).
  • Based on the sensitive information received at step S601, such as payment card details or details of a payment account, the first server computer 110 identifies a record of the plurality of records in the database 700 associated with the user device 130. In this example, the sensitive information comprises a payment card identifier “3003”. Accordingly, the identifier “3003” is used as the basis for a search within the database 700. A search based on “3003” would identify the record with record ID “3” in the database 700. The first server computer 110 proceeds to retrieve other sensitive information, such as the loyalty card ID number “67832”, that was previously associated with the received sensitive information “3003” in a data linking process from the identified record “3”, where at least some of the other sensitive information was previously provided by the second server computer 120 in accordance with steps S301 and S401 described above.
  • Returning to FIG. 6 , at step S603, the first server computer 110 communicates the transaction data and at least some of the sensitive information, including at least the loyalty card ID “67832” within the identified record “3” to the second server computer 120 with which the user of the user device 130 has an account. The second server computer 120 identifies the user's account using the loyalty card ID “67832” and updates the user's account based on the transaction data.
  • In some examples, after step S603, the second server computer 120 sends a communication to the user device 130 notifying the user that their account with the second server computer 120 has been updated based on the transaction.
  • In other examples, the first server computer 110 may be queried, for example by the second server computer 120, to retrieve details of the association between an account maintained by the second server computer 120 and one or more maintained by the first server computer 110.
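The lookup of steps S602 and S603 against the FIG. 7 database, as an added Python example using an in-memory SQLite database; this is not code from the patent or its assignees. Record 3, loyalty card ID 67832 and payment card ID 3003 come from the text; the surnames, account numbers, the extra card 3004 and the field names are constructed. It keeps linked payment cards in a separate table rather than in repeated columns, so any number of cards can map to one record, and the message it builds for the second server carries the loyalty card ID and transaction data only, leaving the card and account identifiers on the first server.

```python
import sqlite3

# Constructed sample data modelled on the FIG. 7 columns.
RECORDS = [
    (1, "Smith", "10001", "ACC-0001"),
    (2, "Jones", "10002", "ACC-0002"),
    (3, "Doe", "67832", "ACC-0003"),
]
PAYMENT_CARDS = [("1001", 1), ("2002", 2), ("3003", 3), ("3004", 3)]

# Transaction-data fields from the text that the loyalty server needs; the
# card and account identifiers are deliberately not in this set.
FORWARDED_FIELDS = {"transaction_id", "authentication_code", "amount", "currency",
                    "timestamp", "merchant_name", "merchant_id"}

def build_database():
    """In-memory FIG. 7 database with one row per linked payment card."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE records (
            record_id INTEGER PRIMARY KEY, surname TEXT,
            loyalty_card_id TEXT NOT NULL, account_number TEXT);
        CREATE TABLE payment_cards (
            payment_card_id TEXT PRIMARY KEY,
            record_id INTEGER NOT NULL REFERENCES records(record_id));
    """)
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", RECORDS)
    db.executemany("INSERT INTO payment_cards VALUES (?, ?)", PAYMENT_CARDS)
    return db

def lookup_by_payment_card(db, payment_card_id):
    """S602: find the record linked to the card presented at the POS, or None."""
    row = db.execute(
        "SELECT r.record_id, r.loyalty_card_id FROM payment_cards c "
        "JOIN records r ON r.record_id = c.record_id WHERE c.payment_card_id = ?",
        (payment_card_id,)).fetchone()
    return None if row is None else {"record_id": row[0], "loyalty_card_id": row[1]}

def build_s603_message(db, payment_card_id, transaction):
    """S603: loyalty card ID plus the forwarded transaction fields, or None if unlinked."""
    hit = lookup_by_payment_card(db, payment_card_id)
    if hit is None:
        return None                     # no linked record: nothing to send to server 120
    forwarded = {k: v for k, v in transaction.items() if k in FORWARDED_FIELDS}
    return {"loyalty_card_id": hit["loyalty_card_id"], "transaction": forwarded}
```

A search for "3003" or for the constructed second card "3004" returns record 3 with loyalty card ID "67832", an unknown card returns `None`, and the S603 message never contains the payment card or account number even if the POS included them in the transaction data.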
  • Implementation Examples
  • The system 100 described in relation to FIGS. 1-7 may have particular application in a transaction system where the first server computer 110 is a payment processing server and the second server computer 120 is a loyalty scheme server. The payment processing server 110 may comprise a transaction service provider and/or an issuer server, or be in communication therewith, to process transaction and payment data to enable a transaction between a user and a merchant to be authorized and completed. The loyalty scheme server 120 maintains loyalty accounts for a plurality of users and updates the status of each account based on and in response to transactions that the respective users carry out at merchant locations, for example, at a merchant's POS device, which may be in a store or implemented as software on the merchant's website. As such, the loyalty scheme server 120 and the payment processing server 110 have a shared interest in user transactions.
  • As described above, different sensitive information relating to a user and received from different sources may be linked or associated with one another. In the aforementioned transaction system example, the payment processing server 110 receives sensitive information relating to a user from the loyalty scheme server 120 (for example, a loyalty scheme identifier) and the user device 130 (for example, payment card details) and defines an association between the two and thus, a user's loyalty account, for which a user may have a physical or an electronic loyalty account card, and a user's payment account, for which the user may have a physical or an electronic payment card. Accordingly, the association between the user's loyalty account and the user's payment account would be understood to be an association between the user's loyalty account card and the user's payment account card. In one example, a user may link multiple payment cards to a single loyalty account card by repeating the methods described in relation to FIGS. 3 and 4 . In such a scenario, in the example of FIG. 7 the database would contain a single “Loyalty card ID” column and multiple “Payment card ID” columns, such as “1st Payment card ID”, “2nd Payment card ID”, etc.
  • As described in relation to FIGS. 6 and 7, based on an association between different sensitive information relating to a single user, transaction data may be monitored and passed directly from the payment processing server 110 to the loyalty scheme server 120 while the payment processing server 110 is processing a transaction, so that a user account maintained by the loyalty scheme server 120 can be updated without user intervention and without further communication with the user device 130. For instance, the user is not required to interact separately with the merchant's POS device 150 using their loyalty account card and their payment card. Rather, a single interaction between the POS device 150 and the user's payment card facilitates the updating of the user's loyalty account, which simplifies the transaction system 100 and the interactions within it, as described above.
  • The transaction data may be sent to the loyalty scheme server 120 together with the sensitive information previously received from the loyalty scheme server 120 (for example, the loyalty account identifier or a corresponding loyalty card number) to enable the loyalty scheme server 120 to identify the relevant user account. The transaction data may include one or more of the following: a unique payment account or card identifier; an authentication code; a transaction identifier; a transaction amount; a transaction currency; a transaction date and time; a merchant descriptor name; and a merchant identifier.
  • The loyalty scheme server 120 analyses the transaction data to determine any updates to be made to a corresponding user account. This analysis may comprise comparing the transaction data to data relating to the merchant, either stored by the loyalty scheme server 120, or provided by the merchant's POS device 150, to determine the eligibility of the transaction data for being the basis on which an update to a user's loyalty account is made.
  • In one example, the loyalty scheme server 120 may update a user account by incrementing a counter value based on received transaction data. For instance, a number of points may be awarded to a user's loyalty account based on the monetary value of a transaction.
  • Fewer communications are used within the transaction system 100 and thus less sensitive information is communicated within the system; in particular, the user's payment card details are entered once, on the data entry page hosted by the payment processing server 110, and are never sent to the loyalty scheme server 120. This reduces the exposure of the loyalty scheme server 120, and of the transaction system 100 as a whole, to loss of payment card data. In addition, in some examples the loyalty scheme server 120 may not comply with the Payment Card Industry Data Security Standard (PCI DSS), and thus may be referred to as being outside "PCI scope". Accordingly, the transaction system 100 enables the loyalty scheme server 120 to receive details of transactions from the payment processing server 110 without needing to become PCI compliant. For this to hold, the payment account or card identifier included in the transaction data must be a token or other surrogate rather than the primary account number, since any system that stores, processes or transmits primary account numbers is within PCI DSS scope.
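The transaction-time path of FIGS. 6 and 7, written out as an added example that is not part of the patent: the payment processing server (first server 110) looks up the loyalty identifier associated with the card used and forwards only the loyalty-relevant subset of the transaction data to the loyalty scheme server (second server 120), which checks merchant eligibility and awards points. The field names, the keyed-hash tokenisation of the card number, the points rule (one point per whole currency unit), the merchant eligibility list and the test card numbers are all assumptions made for illustration.

```python
"""Added example: payment server 110 forwarding transaction data to loyalty
server 120 across the PCI scope boundary. All names and rules are assumed."""
import hashlib
import hmac
from decimal import Decimal

TOKEN_KEY = b"constructed-tokenisation-key"   # would live in the payment server's HSM
CARDHOLDER_DATA = {"pan", "expiry", "cvv", "track_data"}  # must never reach server 120


def card_token(pan: str) -> str:
    """Keyed surrogate for a PAN. The association table and the loyalty
    notification carry this, never the PAN, which keeps server 120 out of scope."""
    return hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()[:32]


class LoyaltyServer:
    """Second server 120: outside PCI scope, so it refuses cardholder data outright."""

    def __init__(self, accounts, eligible_merchants):
        self.accounts = dict(accounts)                  # loyalty id -> points balance
        self.eligible_merchants = set(eligible_merchants)
        self.received = []                              # every notification, for inspection

    def notify(self, loyalty_id, txn):
        leaked = CARDHOLDER_DATA.intersection(txn)
        if leaked:
            raise ValueError(f"cardholder data crossed the PCI boundary: {sorted(leaked)}")
        self.received.append((loyalty_id, dict(txn)))
        # Eligibility check against merchant data held by the loyalty server.
        if loyalty_id not in self.accounts or txn["merchant_id"] not in self.eligible_merchants:
            return 0
        points = int(Decimal(txn["amount"]))   # assumed rule: one point per whole unit
        self.accounts[loyalty_id] += points
        return points


class PaymentServer:
    """First server 110: holds the FIG. 3/4 association and all card data."""

    def __init__(self, loyalty):
        self.loyalty = loyalty
        self.associations = {}   # card token -> loyalty id (several cards may share one id)

    def link(self, loyalty_id, pan):
        self.associations[card_token(pan)] = loyalty_id

    def authorize(self, pan, amount, currency, merchant_id, merchant_name, txn_id, when):
        """Authorisation with the issuer is elided; afterwards, forward the
        loyalty-relevant fields if, and only if, the card is linked."""
        token = card_token(pan)
        loyalty_id = self.associations.get(token)
        if loyalty_id is None:
            return None                         # unlinked card: nothing leaves server 110
        txn = {"card_token": token, "transaction_id": txn_id, "amount": str(amount),
               "currency": currency, "timestamp": when,
               "merchant_name": merchant_name, "merchant_id": merchant_id}
        return self.loyalty.notify(loyalty_id, txn)


def run_demo():
    """Two cards linked to one loyalty id, one ineligible merchant, one unlinked card."""
    pans = ("4111111111111111", "5555555555554444")   # constructed test PANs
    loyalty = LoyaltyServer({"LOY-0001": 100}, eligible_merchants={"M-77"})
    pay = PaymentServer(loyalty)
    for pan in pans:
        pay.link("LOY-0001", pan)
    p1 = pay.authorize(pans[0], Decimal("42.50"), "GBP", "M-77", "Coffee Co", "T-1", "2019-09-05T10:00:00Z")
    p2 = pay.authorize(pans[1], Decimal("9.99"), "GBP", "M-77", "Coffee Co", "T-2", "2019-09-05T11:00:00Z")
    p3 = pay.authorize(pans[1], Decimal("100"), "GBP", "M-99", "Other Shop", "T-3", "2019-09-05T12:00:00Z")
    unlinked = pay.authorize("4000000000000002", Decimal("5"), "GBP", "M-77", "Coffee Co", "T-4", "2019-09-05T13:00:00Z")
    pan_seen = any(p in str(v) for _, t in loyalty.received for v in t.values() for p in pans)
    return {"points": (p1, p2, p3, unlinked), "balance": loyalty.accounts["LOY-0001"],
            "notifications": len(loyalty.received), "pan_reached_loyalty": pan_seen}


def leak_is_refused():
    """A careless caller that sends the PAN itself is stopped at the boundary."""
    loyalty = LoyaltyServer({"LOY-0001": 0}, {"M-77"})
    try:
        loyalty.notify("LOY-0001", {"pan": "4111111111111111", "amount": "1", "merchant_id": "M-77"})
    except ValueError:
        return True
    return False
```

The guard in `notify` is the part worth copying: a server that is meant to stay out of PCI scope should reject cardholder data at its API rather than rely on the sender never including it, because one field added to the payload on the payment side would otherwise silently pull the loyalty server into scope.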
  • In the preceding description, for purposes of explanation, numerous specific details of certain examples are set forth. Reference in the specification to “an example” or similar language means that a particular feature, structure, or characteristic described in connection with the example is included in at least that one example, but not necessarily in other examples.
  • Although at least some aspects of the embodiments described herein with reference to the drawings comprise computer processes performed in processing systems or processors, the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice. The program may be in the form of non-transitory source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other non-transitory form suitable for use in the implementation of processes according to the invention. The carrier may be any entity or device capable of carrying the program. For example, the carrier may comprise a storage medium, such as a solid-state drive (SSD) or other semiconductor-based RAM; a ROM, for example a CD ROM or a semiconductor ROM; a magnetic recording medium, for example a floppy disk or hard disk; optical memory devices in general; etc.
  • The above examples are to be understood as illustrative. It is to be understood that any feature described in relation to any one example may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the examples, or any combination of any other of the examples. Furthermore, equivalents and modifications not described above may also be employed.

Claims (20)

What is claimed is:
1. A computer-implemented method comprising:
receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server;
receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive the second sensitive information, the second sensitive information being associated with the user and different from the first sensitive information; and
associating, by the first server, the first sensitive information with the second sensitive information;
wherein the first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
2. The computer-implemented method of claim 1, further comprising, in response to receiving the first sensitive information:
transmitting, by the first server to the second server, a session identifier, wherein the second server forwards the session identifier to the user device so that the user device can access the data entry page.
3. The computer-implemented method of claim 2, further comprising, in response to receiving the first sensitive information:
transmitting, by the first server to the second server, a first token with the session identifier.
4. The computer-implemented method of claim 3, further comprising:
providing, by the first server to the user device, a second token and the data entry page, wherein the second token is used to provide the second sensitive information to the first server.
5. The computer-implemented method of claim 4, wherein the first and second tokens are different tokens.
6. The computer-implemented method of claim 1, further comprising:
receiving, by the first server from the second server, a re-direct URL; and
providing, by the first server to the user device, the re-direct URL, such that a browser of the user device automatically accesses a resource associated with the second server using the re-direct URL after the second sensitive information has been inputted to the data entry page.
7. The computer-implemented method of claim 1, further comprising:
accessing, by the second server, the account of the user; and
obtaining the first sensitive information.
8. The computer-implemented method of claim 1, further comprising:
receiving, by the second server, an identifier of the user, wherein the identifier is associated with the account of the user.
9. A computer readable medium comprising instructions executable by a processor to cause the processor to perform the computer-implemented method of claim 1.
10. A server computer comprising:
a processor; and
a computer readable medium configured to store executable instructions,
wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to:
receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server computer;
receive, from the user device via a second, different communication channel, second sensitive information associated with the user via a data entry page, wherein the second sensitive information is different from the first sensitive information; and
associate the first sensitive information with the second sensitive information.
11. The server computer of claim 10, configured to:
host the data entry page, the data entry page being accessible by the user device and configured to receive the second sensitive information.
12. The server computer of claim 11, wherein the processor is configured to execute the stored executable instructions to:
transmit, to the second server computer via the first communication channel, a session identifier, wherein the second server computer forwards the session identifier to the user device so that the user device can access the data entry page.
13. The server computer of claim 12, wherein the processor is configured to execute the stored executable instructions to:
transmit, to the second server computer via the first communication channel, a first token with the session identifier.
14. The server computer of claim 13, wherein the processor is configured to execute the stored executable instructions to:
provide, to the user device via the second communication channel, a second token and the data entry page, wherein the second token is used to provide the second sensitive information to the server computer.
15. The server computer of claim 14, wherein the first and second tokens are different tokens.
16. The server computer of claim 12, wherein the processor is configured to execute the stored executable instructions to:
receive, from the second server computer via the first communication channel, a re-direct URL; and
provide, to the user device via the second communication channel, the re-direct URL, such that a browser of the user device automatically accesses a resource associated with the second server computer using the re-direct URL after the second sensitive information has been inputted to the data entry page.
17. A system comprising a client computer, a first server and a second server,
wherein the first server is configured to:
interact with the second server and the client computer via respective data transfer channels;
receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer;
provide a data entry page accessible by the client computer;
receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different from the first sensitive information; and
link the first sensitive information with the second sensitive information;
wherein the client computer is configured to:
access the data entry page to allow the user to input the second sensitive information into the data entry page; and
provide the second sensitive information to the first server via the respective data transfer channel;
wherein the second server is configured to:
identify the account of the user;
retrieve the first sensitive information relating to the user using the identified account; and
send the first sensitive information to the first server via the respective data transfer channel.
18. The system of claim 17, wherein:
the first server is configured to:
send a session identifier to the second server via the respective data transfer channel; and
the second server is configured to:
forward the session identifier to the client computer; and
the client computer is configured to:
access the data entry page using the session identifier.
19. The system of claim 18, wherein:
the first server is configured to, in response to receiving the first sensitive information:
send a first token with the session identifier to the second server via the respective data transfer channel.
20. The system of claim 19, wherein:
the first server is configured to:
provide a second token to the client computer; and
the client computer is configured to:
use the second token to provide the second sensitive information to the first server.
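The enrolment handshake of claims 1 to 8 and 17 to 20, simulated in-process as an added example (not code from the patent or its assignee). The first server (payment processing server 110) talks to the second server (loyalty scheme server 120) over channel 1 and to the user's browser (user device 130) over channel 2; the card details travel only on channel 2 and the loyalty identifier only on channel 1. The endpoint names, the token format, the session lifetime, the single-use rule for the second token and the use of the first token to confirm completion are assumptions; the claims do not say what the first token is for.

```python
"""Added example: the two-channel enrolment of claims 1-8. Names, token
formats, lifetimes and the use of the first token are assumed."""
import hashlib
import hmac
import secrets
import time


def card_token(pan: str) -> str:
    """Keyed surrogate for the PAN so the association table never holds it
    (constructed key; a real deployment keeps it in an HSM)."""
    return hmac.new(b"constructed-key", pan.encode(), hashlib.sha256).hexdigest()[:32]


class PaymentServer:
    """First server 110. Channel 1 is the server-to-server API used by the
    loyalty server; channel 2 is the HTTPS session with the user's browser."""

    SESSION_TTL = 300  # seconds; assumed lifetime of an enrolment session

    def __init__(self):
        self.sessions = {}      # session id -> enrolment state
        self.associations = {}  # card token -> loyalty id

    # channel 1: loyalty server -> payment server (claims 1-3)
    def create_session(self, loyalty_id, redirect_url):
        session_id = secrets.token_urlsafe(16)
        first_token = secrets.token_urlsafe(32)
        self.sessions[session_id] = {
            "loyalty_id": loyalty_id, "redirect_url": redirect_url,
            "first_token": first_token, "second_token": None,
            "created": time.time(), "done": False,
        }
        return session_id, first_token

    # channel 2: browser loads the data entry page (claim 4)
    def data_entry_page(self, session_id):
        s = self._live(session_id)
        s["second_token"] = secrets.token_urlsafe(32)   # different from the first token (claim 5)
        return {"html": "<form method=post>card details</form>", "second_token": s["second_token"]}

    # channel 2: browser posts the card details (claims 1, 4 and 6)
    def submit_card(self, session_id, second_token, pan):
        s = self._live(session_id)
        if s["done"] or s["second_token"] is None:
            raise PermissionError("session already used or page never served")
        if not hmac.compare_digest(second_token, s["second_token"]):
            raise PermissionError("second token does not match this session")
        self.associations[card_token(pan)] = s["loyalty_id"]   # the association of claim 1
        s["done"], s["second_token"] = True, None               # single use
        return s["redirect_url"]                                # browser follows it (claim 6)

    # channel 1: assumed use of the first token, not stated in the claims
    def status(self, session_id, first_token):
        s = self.sessions[session_id]
        if not hmac.compare_digest(first_token, s["first_token"]):
            raise PermissionError("first token does not match this session")
        return s["done"]

    def _live(self, session_id):
        s = self.sessions.get(session_id)
        if s is None or time.time() - s["created"] > self.SESSION_TTL:
            raise KeyError("unknown or expired session")
        return s


class LoyaltyServer:
    """Second server 120. Never sees the card details: it forwards only the
    session id to the browser and keeps the first token server-side."""

    def __init__(self, payment):
        self.payment = payment
        self.accounts = {"user-42": "LOY-0001"}   # constructed: user id -> loyalty id
        self.pending = {}                         # session id -> first token

    def begin_link(self, user_id):
        loyalty_id = self.accounts[user_id]       # claims 7 and 8
        session_id, first_token = self.payment.create_session(
            loyalty_id, "https://loyalty.example/linked")
        self.pending[session_id] = first_token
        return session_id                         # forwarded to the user device (claim 2)


def run_enrolment():
    """Full exchange, plus a replay of the second token that must be refused."""
    pay, pan = PaymentServer(), "4111111111111111"   # constructed test PAN
    loy = LoyaltyServer(pay)
    session_id = loy.begin_link("user-42")
    page = pay.data_entry_page(session_id)           # browser loads the page on channel 2
    redirect = pay.submit_card(session_id, page["second_token"], pan)
    try:
        pay.submit_card(session_id, page["second_token"], pan)
        replay_refused = False
    except PermissionError:
        replay_refused = True
    return {
        "redirect": redirect,
        "linked_to": pay.associations[card_token(pan)],
        "tokens_differ": page["second_token"] != loy.pending[session_id],
        "link_confirmed": pay.status(session_id, loy.pending[session_id]),
        "replay_refused": replay_refused,
    }
```

Two properties are worth checking in any implementation of this flow: the second token must be bound to one session and consumed on first use, otherwise a token captured from the browser can be replayed to attach a different card to the victim's loyalty account; and the session identifier that transits the loyalty server and the browser must carry no authority on its own, which is why the payment server only acts on it together with a token it issued.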
US17/640,515 2019-09-05 2019-09-05 Managing Communication Of Sensitive Information Pending US20220417223A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/073772 WO2021043413A1 (en) 2019-09-05 2019-09-05 Managing communication of sensitive information

Publications (1)

Publication Number Publication Date
US20220417223A1 true US20220417223A1 (en) 2022-12-29

Family

ID=68062891

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/640,515 Pending US20220417223A1 (en) 2019-09-05 2019-09-05 Managing Communication Of Sensitive Information

Country Status (3)

Country Link
US (1) US20220417223A1 (en)
CN (1) CN114341911A (en)
WO (1) WO2021043413A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230109278A1 (en) * 2021-10-01 2023-04-06 Dell Products, L.P. Scope-based access control system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9064376B1 (en) * 2014-06-06 2015-06-23 Aviel David Rubin Utilization of multiple devices to secure online transactions
US10897358B2 (en) * 2015-07-07 2021-01-19 Aducid S.R.O. Method for mapping at least two authentication devices to a user account using an authentication server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7318049B2 (en) * 2000-11-17 2008-01-08 Gregory Fx Iannacci System and method for an automated benefit recognition, acquisition, value exchange, and transaction settlement system using multivariable linear and nonlinear modeling
US10949870B2 (en) * 2013-06-25 2021-03-16 Brian Booth Techniques for user-controlled real-time data processing
US10853835B2 (en) * 2016-01-04 2020-12-01 Scvngr, Inc. Payment system with item-level promotional campaigns redeemable automatically at point-of-sale devices
US11144945B2 (en) * 2017-12-07 2021-10-12 Visa International Service Association Method, system, and computer program product for communicating loyalty program identification data

Also Published As

Publication number Publication date
WO2021043413A1 (en) 2021-03-11
CN114341911A (en) 2022-04-12

Legal Events

Date Code Title Description
AS Assignment

Owner name: VISA INTERNATIONAL SERVICE ASSOCIATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PRASAD, RANJIVA;KRAMER, DEAN;GANGWANI, VISHAL;AND OTHERS;SIGNING DATES FROM 20190710 TO 20190810;REEL/FRAME:059305/0617

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED